agenda
Download
Skip this Video
Download Presentation
Agenda

Loading in 2 Seconds...

play fullscreen
1 / 10

Agenda - PowerPoint PPT Presentation


  • 137 Views
  • Uploaded on

CS G513 / SS G513 Network Security. Agenda. Public Key Encryption Basics and Attacks RSA – Correctness and Security Strength. (Asymmetric) Public Key Encryption. Key Idea: One key (say the encryption key) is public and distributed in an open (but authentic) way.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Agenda ' - hue


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
agenda

CS G513 / SS G513 Network Security

Agenda

Public Key Encryption

Basics and Attacks

RSA – Correctness and Security Strength

asymmetric public key encryption
(Asymmetric) Public Key Encryption
  • Key Idea:
    • One key (say the encryption key) is public and distributed in an open (but authentic) way.
    • The other key (say decryption key) is kept secret/private.
    • Secrecy – achieved by the fact that only those who own (a private) key can decrypt a message encrypted by (the corresponding) public key.
  • D(kv , E(ku , m)) = m
    • kv is the private key
    • Ku is the public key

Sundar B.

pke types of attacks
PKE - Types of Attacks
  • Chosen plain-text attack is possible by a passive adversary.
  • Stronger attack: Chosen ciphertext attack
    • Choose a ciphertext and obtain (by some means from victim) the corresponding plaintext
  • Indifferent chosen-ciphertext attack
    • Adversary provided with decryptions of ciphertexts of its choice, but the choices made a-priori.
  • Adaptive Chosen-ciphertext attacks
    • Adversary may use or have access to victim’s decryption machine but not the private key even after seeing the ciphertext to be broken.

Sundar B.

public key encryption issues
Public Key Encryption - Issues
  • Public Key Distribution
    • Must be done in authentic way – otherwise leads to easy impersonation
  • PKE schemes may assume block wise encryption:
    • Plaintext is broken into blocks of fixed length
    • Cipher Block Chaining (CBC mode) can be used against block manipulation
    • CFB and OFB modes so cannot be used in PKE schemes – Why?

Sundar B.

slide5
RSA
  • Rivest, Shamir and Adleman – 1978.
    • Based on modular arithmetic and prime factors.
  • Key generation
    • Generate two different, large, random primes p and q (roughly the same size as each other)
    • Compute n=pq and  = (p-1)(q-1)
    • Select a random int. e such that gcd(e, ) = 1.
    • Compute d s.t. ed = 1 (mod )
    • Let ku = (n,e) and kv = (n,d)
  • Does d always exist ?

Sundar B.

slide6
RSA
  • Encryption:
    • Represent message as an int m in the range [0..N-1]
    • Compute c = me (mod n)
  • Decryption
    • Compute m = cd (mod n)

Sundar B.

rsa correctness
RSA - Correctness
  • Lemma 1: med = m (mod p)
  • Lemma 2: med = m (mod q)
  • Theorem: cd = (me)d = m (mod n)
    • Proof of Theorem:

Since p and q are distinct primes,

med – m divides pq (by lemma 1 and 2)

i.e. med = m (mod n)

rsa correctness1
RSA - Correctness
  • Proof of Lemma 1:
    • Given ed = 1 (mod ), there exists k such that ed = 1 + k .
    • If gcd(m,p) = 1 then mp-1 = 1 (mod p) by Fermat’s Little Theorem.
    • Then med = m (mod p).
    • But this is true if gcd(m,p) = p as well as
      • both sides are congruent to 0 (mod p)

Sundar B.

security of rsa
Security of RSA
  • Adversary’s task:
    • Given ciphertext c, and public key (n,e)
      • find plaintext m
      • find private key (n,d)
    • Possible approach:
      • Factorize n
      • Compute  and d just as the sender does.
      • Then (n,d) is the private key and
      • m = cd (mod n) is the plaintext message.

Sundar B.

security of rsa1
Security of RSA
  • Security of RSA depends on 2 claims:
    • Factoring is difficult (Claim 1) and
    • Obtaining d is at least hard as factoring (Claim 2).
  • Factorization is difficult
    • No known polynomial time algorithm exists.
    • But not proven to be NP-hard.
  • It has been proved that
    • given any multiple of  = (p-1)(q-1), n can be factored.
    • Since ed = 1(mod ) , ed-1 = k for some k.
ad